Cisco Router Access List Fundamentals

January 5, 2019

Without network security, organisations and home users alike are exposed for the world to see and access. Network security does not stop 100% of unauthorized users from entering your network, but it does help limit a network's availability from the outside world. Cisco devices have a number of tools for monitoring and helping to prevent security threats. Among the most common technologies in Cisco network security are Access Control Lists, or Access Lists (ACLs). When businesses depend on their network to generate income, potential security breaches become a huge concern.

ACLs are implemented through Cisco IOS Software. ACLs define rules that can be used to prevent some packets from flowing over the network. The policies implemented in access lists are often used to limit a particular network or host from accessing another network or host. However, ACLs can be more granular by implementing what is known as an extended access list. This type of ACL lets you deny or permit traffic based not only on source or destination IP address, but also on the type of data being sent.



Extended ACLs can examine multiple fields of the packet headers, requiring that all the parameters be matched before denying or allowing the traffic. Standard ACLs are easier to configure but do not let you deny or permit traffic based on more specific requirements. Standard access lists only let you permit or deny traffic using the source address or network. When designing ACLs, remember that there is always an implicit deny statement. This means that if a packet does not match any of your access list statements, it is blocked automatically. To overcome this, you must configure the permit any statement on standard ACLs and the permit any any statement on extended ACLs.

Packets can be filtered in several ways. You can filter packets as they enter a router's interface, before any routing decision is made. You can also filter packets before they exit an interface, after the routing decision is made. Configured ACL statements are always read from top to bottom. If a packet matches a statement before reaching the end of the ACL, processing stops and a forwarding decision is made based on the statement it matched. Therefore the most critical and specific statements should be placed at the start of your list, and you should create statements in order from the most critical to the least critical.
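The top-to-bottom, first-match evaluation and the implicit deny described above can be checked offline before an ACL is applied to an interface. The following Python model is an added example, not Cisco code or output: the Rule and Packet types, the CIDR notation (IOS itself uses wildcard masks) and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol, else "tcp"/"udp"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # destination port, None matches any port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """Extended-ACL style: every field in the rule must match the packet."""
    return (rule.proto in ("ip", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """Return (action, index of the first matching rule).

    Rules are read top to bottom and evaluation stops at the first match.
    An index of None means no rule matched and the implicit deny applied.
    """
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None

# Constructed sample rules and packets (hypothetical addresses).
ANY = "0.0.0.0/0"
DENY_TELNET = Rule("deny", "tcp", "10.1.1.0/24", "10.2.2.10/32", 23)
PERMIT_ALL = Rule("permit", "ip", ANY, ANY)

SPECIFIC_FIRST = [DENY_TELNET, PERMIT_ALL]   # intended order
BROAD_FIRST = [PERMIT_ALL, DENY_TELNET]      # deny is shadowed, never reached
NO_PERMIT_ANY = [DENY_TELNET]                # everything else hits implicit deny

TELNET = Packet("tcp", "10.1.1.5", "10.2.2.10", 23)
WEB = Packet("tcp", "10.1.1.5", "10.2.2.10", 80)

if __name__ == "__main__":
    for name, acl in [("specific first", SPECIFIC_FIRST),
                      ("broad first", BROAD_FIRST),
                      ("no permit any", NO_PERMIT_ANY)]:
        print(name, evaluate(acl, TELNET), evaluate(acl, WEB))
```

With the broad permit placed first, the Telnet packet is forwarded even though a deny for it exists further down the list; without a final permit, the web packet is dropped by the implicit deny.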
